Site Search Navigation

Site Navigation

Site Mobile Navigation

Phone Hacking Threat Is Low, but it Exists

By Roy Furchgott August 14, 2009 11:25 amAugust 14, 2009 11:25 am

While the threat of bad guys hacking into your phone may remain minimal, it isn’t non-existent. In fact, one security expert created an attack on the iPhone – sending a virus by text message — that is basically unstoppable.

The question is what are you going to do about it? There is a trade off to be made. Features that give phones their utility, like Bluetooth and Wi-Fi, also make them vulnerable to attack.

I spoke to some security experts about relative risks to help phone owners decide which steps were worth taking to protect their phones.

The first thing to keep in mind is that smartphones are really tiny computers. “As the phone becomes more and more like a desktop, they have the same issues,” Johannes Ullrich, chief technology officer for the Internet Storm Center, which tracks Internet threats.

In fact, security experts are experiencing a certain sense of déjà vu. “We are about at the point with phones that we were with desktops in the ’80s,” said Michael Gregg, president of Superior Solutions, a computer security company. Viruses were just emerging, and there was little public awareness, he said.

Here are the risks to consider, and steps you might take.

Limit Access to Your Phone

Leaving Bluetooth on is an open invitation, but a pretty safe one. Even though a virus was sent by Bluetooth in 2004 just to prove it could be done, it never spread beyond the demonstration.

Slightly riskier is the use of Wi-Fi. Sometimes miscreants replace a real network with their own imposter network, making you think you are signed onto the legitimate Wi-Fi at, say, an airport. “The problem is if it’s a bad guy who is not really the airport,” said Charlie Miller, the security expert who created iPhone SMS virus. “Basically all of your connections, where you are sending your mail, goes through his router,” Encryption can help, but not all data sent by phone can be encrypted, he said.

Limit Risky Behavior

Far and away most malicious software is installed voluntarily, if unwittingly. “The vast majority I am seeing are tricked into downloading malware,” said Mr. Ullrich. “A Web site asks you to download a video, and that is what gets people in trouble.”

Sexy Space was just such a virus, and it got past the system that checked Symbian phone software for bad code. The malware, technically called a Trojan, would have let its creators send messages to everyone in the phone’s directory, which could be costly for the phone’s owner. The messages would prompt those friends to download the virus.

The rule here is simple. “Don’t click on random links, don’t download software.” said Mr. Ullrich. Downloading unfamiliar software may be the biggest current risk.

As for buying anti-virus software, the experts said it was not worth it for two reasons. First, the threat remains low for now. But more important, while the virus programs update daily, “viruses change by the hour,” Mr. Ullrich said.

Security software can be worthwhile for other reasons. For instance, some programs will enable you to wipe your phone’s data remotely if you happen to lose it.

And while it would seem obvious, Mr. Miller pointed out that you take a risk when you disable your phone’s defenses. For instance, don’t jailbreak your iPhone. “It breaks almost all of the security,” he said.

Limit What Bad Guys Can Take

Consider what information you really need on your phone. People sometimes keep passwords in a folder, bank numbers in a contact file, or use automatic sign-ins, which may not be the best idea. Limiting sensitive information means even if someone hacks into your phone, there isn’t much to take.

This may be the best option, Mr. Miller said. A talented and determined hacker can get around most serious firewalls.

Yes, I have a iPhone, connected with A.T,.&T. not my first choice, but the only choice with the iPhone.. ( sounds like a monoply to me) but the only choice…I get poor receiption in a lot of places that I am at, and trying to use my iPhone, and many times my calls are dropped, but I am limited to A.T. & T. But wait until my contract is up, Verizon here I come, shows much larger receiption areas all over U.S., and can probably use Google Voice also. Thanks David Pugue for your continous efforts in keeping the people aware of new and good ideas for the cell phone system.. You should run for congress, but your better off the way you are……

What's Next

About

Gadgetwise is a blog about everything related to buying and using tech products. From figuring out which gadget to buy and how to get the best deal on it to configuring it once it’s out of the box, Gadgetwise offers a mix of information, analysis and opinion to help you get the most out of your personal tech.